Update mastodon/AP

protocols/activitypub.md

@@ -8,7 +8,7 @@ ActivityPub consists of two layers: A server-to-server federation protocol, and
 
 Users in ActivityPub are conceptualized as actor objects. Actor to actor communication bears a resemblance to email. To be spec compliant, each actor _must_ have an "inbox" and an "outbox" endpoint, as URLs which are accessible on the server. They also _should_ have "following" and "followers". They _may_ have "liked" collections, and many other predefined possibilities.
 
-[Authentication](https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization): Server to server federation is authenticated using HTTP Signatures. Each actor has a public and private keypair, and a publicly accessible JSON-LD document retrievable over HTTP which contains its public key. Each message the server sends on behalf of an Actor is signed by this key. When a remote server receives a POST to its inbox, it verifies the signature on the HTTP request. To verify object integrity, linked data signatures are used to sign the object with the publicKey of the actor who authored it.
+[Authentication](https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization): Server to server federation is authenticated using HTTP Signatures. The server creates a public and private keypair for each actor, and a publicly accessible JSON-LD document retrievable over HTTP which contains its public key. Each message the server sends on behalf of an actor is signed by its key. When a remote server receives a POST to its inbox, it verifies the signature on the HTTP request. To verify object integrity, linked data signatures are used to sign the object with the publicKey of the actor who authored it.
 
 A [paper](https://github.com/WebOfTrustInfo/rwot5-boston/blob/master/final-documents/activitypub-decentralized-distributed.md) from the 2017 Rebooting the Web of Trust conference describes how distributed, cryptographic identities could be added to ActivityPub.